🔒 Privacy Policy
Effective Date: January 1, 2025
DevOps Agent is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
📌 Key Points:
- We collect account information, usage data, and cloud credentials
- Your data is encrypted and stored securely
- We do NOT sell your personal information
- You have rights to access, correct, and delete your data
- This policy is GDPR and CCPA compliant
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address - for account identification and communication
- Username - for account identification
- Password - hashed using bcrypt (we never store plain-text passwords)
- Account creation date - for record keeping
- Last login information - for security monitoring
1.2 Usage Data
When you use the Service, we automatically collect:
- Commands and prompts - to process your requests
- API usage statistics - to track your credit consumption
- Chat history - to provide context for conversations
- Session data - for maintaining your login state
- IP addresses - for security and fraud prevention
- Browser and device information - for compatibility and optimization
1.3 Cloud Provider Credentials
To manage your infrastructure, we store:
- AWS Access Keys - encrypted before storage
- Azure Service Principals - encrypted before storage
- GCP Service Account Keys - encrypted before storage
- SSH Keys - encrypted before storage
⚠️ Security Note: All cloud credentials are encrypted using industry-standard encryption (AES-256) before being stored in our database. We use separate encryption keys that are securely managed and rotated regularly.
1.4 Payment Information
If you purchase credits or subscriptions:
- Payment details are processed by Stripe - we do NOT store your credit card information
- We receive only transaction confirmations and receipt information
- Stripe complies with PCI-DSS standards
2. How We Use Your Information
We use the collected information for:
| Purpose |
Data Used |
| Service Provision |
Account info, usage data, cloud credentials |
| Authentication & Security |
Email, password, IP address, login attempts |
| Communication |
Email address for service updates and support |
| Billing & Credits |
Usage data, payment information |
| Service Improvement |
Usage patterns, error logs, performance metrics |
| Fraud Prevention |
IP addresses, usage patterns, account activity |
| Legal Compliance |
All data as required by law |
3. How We Share Your Information
3.1 Third-Party Service Providers
We share data with trusted third parties who help us operate the Service:
Our Service Providers:
- Anthropic (Claude AI) - AI model provider for processing commands
- Cloud Providers (AWS, Azure, GCP) - Infrastructure hosting
- Stripe - Payment processing
- Database Hosting - Secure data storage
Note: These providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.2 When We DO NOT Share Your Data
- ❌ We do NOT sell your personal information to third parties
- ❌ We do NOT share your data for marketing purposes
- ❌ We do NOT provide your data to advertisers
- ❌ We do NOT share your cloud credentials with anyone
3.3 Legal Requirements
We may disclose your information if required by law, such as:
- Compliance with legal process (subpoena, court order)
- Enforcement of our Terms of Service
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activity
4. Data Security
4.1 Security Measures We Implement
- ✅ Encryption at Rest - All data encrypted in our database (AES-256)
- ✅ Encryption in Transit - HTTPS/TLS for all communications
- ✅ Password Hashing - bcrypt with salt for password storage
- ✅ API Key Encryption - Cloud credentials encrypted separately
- ✅ Access Controls - Role-based access to infrastructure
- ✅ Account Lockout - Protection against brute force attacks
- ✅ Rate Limiting - Prevention of abuse and DDoS
- ✅ Security Logging - Monitoring and audit trails
- ✅ Regular Security Audits - Periodic vulnerability assessments
⚠️ Important Disclaimer: While we use industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You transmit data to us at your own risk.
4.2 Your Security Responsibilities
To keep your account secure, you should:
- Use a strong, unique password
- Never share your password with anyone
- Enable two-factor authentication (if available)
- Regularly review your account activity
- Report suspicious activity immediately
- Keep your cloud provider credentials secure
5. Data Retention
We retain your data for different periods depending on the type:
| Data Type |
Retention Period |
| Account Information |
As long as your account is active |
| Chat History |
Until you delete it or close your account |
| Usage Logs |
90 days for operational purposes |
| Security Logs |
1 year for security and compliance |
| Payment Records |
7 years for tax and legal compliance |
| Deleted Account Data |
Permanently deleted within 90 days |
6. Your Privacy Rights
6.1 Rights Under GDPR (European Users)
If you are in the European Economic Area (EEA), you have the right to:
- ✅ Access - Request a copy of your personal data
- ✅ Rectification - Correct inaccurate or incomplete data
- ✅ Erasure ("Right to be Forgotten") - Request deletion of your data
- ✅ Restriction - Limit how we use your data
- ✅ Data Portability - Receive your data in a machine-readable format
- ✅ Object - Object to processing of your data
- ✅ Withdraw Consent - Revoke previously given consent
6.2 Rights Under CCPA (California Users)
If you are a California resident, you have the right to:
- ✅ Know what personal information is collected
- ✅ Know whether your data is sold or disclosed
- ✅ Opt-out of the sale of your personal information
- ✅ Access your personal information
- ✅ Request deletion of your personal information
- ✅ Non-discrimination for exercising your rights
6.3 How to Exercise Your Rights
To exercise any of these rights, you can:
- 📧 Contact us through the application support form
- ⚙️ Use the Settings page to manage your account
- 🗑️ Delete your chat history from the dashboard
- ❌ Close your account from the Settings page
Response Time: We will respond to your requests within 30 days (GDPR) or 45 days (CCPA).
7. Cookies and Tracking
7.1 Cookies We Use
- Session Cookies - Essential for login and authentication
- Preference Cookies - Remember your language and settings
- Security Cookies - Prevent fraud and enhance security
7.2 Third-Party Tracking
We do NOT use:
- ❌ Google Analytics or similar tracking tools
- ❌ Advertising cookies
- ❌ Social media tracking pixels
8. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure that:
- Data transfers comply with GDPR and other applicable laws
- Adequate safeguards are in place (Standard Contractual Clauses)
- Third-party processors are contractually bound to protect your data
9. Children's Privacy
DevOps Agent is NOT intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be:
- Posted on this page with an updated "Effective Date"
- Notified to you via email for material changes
- Effective immediately upon posting
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
11. Third-Party Services
11.1 Services We Integrate With
DevOps Agent integrates with the following third-party services:
Important: We are not responsible for the privacy practices of these third-party services. We recommend reviewing their privacy policies.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify you via email within 72 hours (GDPR requirement)
- Inform relevant regulatory authorities as required by law
- Provide details about the breach and steps we're taking
- Advise you on protective measures you should take
13. Do Not Track Signals
Our Service does not currently respond to "Do Not Track" (DNT) browser signals, as there is no industry standard for how to respond to such signals.
14. Contact Information
For privacy-related questions or concerns, please contact us through:
- 📧 The support form in the application
- ⚙️ The Settings page
- 📋 Our Usage Policy for general terms
📢 GDPR Data Protection Officer (DPO): For GDPR-specific inquiries, please mark your communication as "Attention: Data Protection Officer."
15. Summary of Key Points
Quick Privacy Summary:
| What we collect |
Account info, usage data, cloud credentials (encrypted) |
| How we use it |
Service provision, security, billing, improvement |
| Who we share with |
Essential service providers only (Anthropic, cloud hosts, Stripe) |
| Do we sell data? |
❌ NO, we do NOT sell your personal information |
| Your rights |
Access, correct, delete, download your data (GDPR/CCPA) |
| Security |
Encryption, hashing, access controls, monitoring |
| Data retention |
Active accounts retained; deleted within 90 days after closure |
| Compliance |
GDPR, CCPA, industry standards |
← Back to Dashboard